Table of Contents
OTP(One-Time Password) Definition
An OTP automatically generate number or alphabetic character string with which a user authenticates himself for a single session.
The one-time password can be generated dynamically or taken from a previously created list of static one-time passwords.
It is especially true when the user is responsible for creating the password. These are usually weak.
One-Time passwords used as a replacement for authentication or as an add-on to add another security layer to the construct.
What is the Procedure for generating a One-Time Password?
To log in with an OTP, the user and the system must know the valid and used password.
- They are two methods to achieve this: creating password lists and dynamic password generation.
- The password lists contain several passwords on the user and system side. These can freely select or use in a specific order.
- If a password used, both sides delete it from their lists. If all passwords have already applied, Then have to create a new list.
- An example of this type of one-time password is the TAN list for online banking. If a password list is lost, an unauthorize person can have valid passwords.
What are the Different Generations in OTP?
Dynamic generation is possible in three ways:
Time-Controlled generation
- With this generation, an OTP generator and the server generate time-synchronized passwords using the same algorithm.
- The passwords are valid for a certain period and known for both sides.
Event-Driven generation
- It generates the password, for example, by an action such as pressing a button on the OTP generator.
- The new password arises from a calculation of the previously valid password, and therefore, it checks by the server.
Server generation
- When the server generation provides the client with a value from which the one-time password can generate using a specific algorithm.
- And also, The server knows the specified value and the algorithm and can check the generated password.
What is the OTP token?
- OTP tokens are small hardware devices for generating one-time passwords. The generators usually equip with a one-line display.
- And also, They are known password generators and can take the form of a bank card or a small box.
- Depending on the method of OTP generation, they generate a new password at specific intervals or after pressing a key and show it on display.